Continual GDPR Compliance

Leveraging modern technologies and capabilities to ensure continual compliance

Meeting Day 1 GDPR requirements is a critical focus for many organisations leading up to 25 May 2018. However, forward thinking leaders are actively seeking sustainable means for overcoming the challenges of managing continual compliance, from May 25 onwards:

  • Planning to execution – Recruiting people to manage the executional elements of GDPR (i.e. data requests, breach notifications etc) ignores wider data challenges that many organisations face. Many simply do not have a consistent view of data across their business, let alone an easy way to access and interrogate disparate systems to retrieve the necessary data.

  • Auditability and transparency - Ensuring visibility into and around how data is processed is a critical element of the GDPR regulation. This requires companies to think harder about data within existing systems AND potential new data. Paper based records are also part of the regulation.
  • People – the regulation covers all personally identifiable data. This has implications for companies and employers. In both cases ensuring you can identify, validate/verify and retrieve PID is critical for compliance. And is one of the biggest challenges many companies face around GDPR, given how expansive the web of PID could be.

  • Third parties – GDPR extends beyond the bounds of internal systems and requires visibility into, and control over, any data processed by third parties. Obtaining this data can be a lengthy and laborious process and, given the risk this external data poses, a manual approach is often not as sufficient.

Continual compliance

GDPR is not a one off project, companies need to ensure up-to-date knowledge of the ever evolving regulation and, as new regulations come into play (such as the Network Information Security Directive), that customer and employee data is kept up-to-date, accurate and easily retrievable. New research suggests that Data Subject Requests (the process component of GDPR) can consume up to 40 hours per request. This is a significant administrative burden, particularly as many simply do not know the volumes of requests to expect.

We believe that automation offers a significant opportunity for forward thinking business leaders to overcome the challenge of effectively managing continual compliance. With greater accuracy and assurance, improved auditability and reliability and without the need to hire an army of administrators.

Symphony, working with a network of compliance, security and technology partners, offers an end-to-end approach to meeting Day 1 regulatory requirements (data maps, templates, policies etc).

Additionally, through the use of intelligent automation tools, Symphony enables companies to meet Day 2 (and beyond) execution requirements such as responding to Data Subject Requests.

The combination of our partners and Symphony offers a very compelling way to manage continual compliance, with high accuracy, speed and visibility, and without the need to significantly increase headcount.

The core pillars our end-to-end approach covers includes:

GDPR-core-pillars.jpg

Through our eco-system of partners, Symphony provide unique products and services that are essential for IT and information security teams to achieve strategic goals, protect and secure personal and sensitive data, and meet the GDPR’s requirements.

 

GDPR-offerings-overview.jpg

Consultancy & Implementation Services

  • DPO as a service (GDPR)
  • GDPR data flow audit
  • GDPR Gap Analysis
  • Live Online GDPR Consultancy
  • Process Capture and Mapping
  • Technology and Vendor Assessments
  • Technical Architecture and Target Operating Model Design
  • Configuration, development and deployment of in-scope Tools and solutions
  • Ongoing management and maintenance of tools and technical solutions

Training and Awareness

  • Certified EU GDPR Foundation training course
  • Certified EU GDPR Practitioner training course
  • Certified EU GDPR Distance Learning Foundation and Practitioner training course
  • GDPR Staff Awareness E-Learning Course
  • Data Protection Impact Assessment (DPIA) Workshop
  • Half or full day, interactive workshops exploring the concept of Continual Compliance and the best tools for the job

Standards, Books and Toolkits

  • EU GDPR – An Implementation and Compliance Guide
  • EU GDPR – A Pocket Guide
  • EU General Data Protection Regulation Documentation Toolkit
  • EU GDPR Compliance Gap Assessment Tool

Software and Tools

  • vsRisk™ Information Security Risk Assessment Tool
  • Endpoint Encryption Tools (Cloud-Based Endpoint Encryption)
  • Infrastructure, Network and Web Application Penetration Testing Services

Data Requests as Service

  • A subscription service for clients seeking to manage Data Subject Requests (and other process elements of the GDPR) without the need to hire an army of administrators.
  • An out-of-the box solution, configured to your systems and data flows, leveraging automation and workflow tools.
  • A Managed Service wrapper to provide clients complete transparency across their automated activities, to ensure the virtual workforce is managed effectively and in-line with the GDPR requirements.

The combination of Symphony and our network of partners offers an unparalleled depth of understanding of the GDPR requirements, how they should be met and how to continue meeting the ever evolving requirements post-implementation.

Leveraging a dedicated team to ensure successful compliance, we offer:

  • a complete compliance support service to help organisations prepare for and adapt to the GDPR

  • a specialist team with extensive data protection and information security management project expertise, both in the UK and overseas

  • best in class tools to understand each article within the regulation, manage compliance documents and house training material
  • an appreciation for the nuances of working in heavily regulated, complex environments, bringing a robust framework for delivering digital change initiatives, tried and tested in over 100 successful digital transformation programmes

  • a robust approach for effective design and configuration of continual compliance solutions – leveraging a proven methodology for defining, implementing and managing technical operations tools and technology.

Critically, we offer a sustainable, cost effective approach to managing the challenge of continual compliance through the use of Intelligent Automation.

"Symphony have adopted a very unique and forward looking approach to enabling continual compliance through the use of Enterprise RPA. We are very aligned with our thinking and excited about the potential for automation in the regulatory space"

Guy Kirkwood, Chief Evangelist, UiPath

" We're delighted to partner with Symphony Ventures and have the opportunity to support global enterprises in achieving and maintaining compliance with the GDPR. The imminent compliance deadline, fines incurred for data breaches and continuously evolving cyber threats mean organisations can no longer risk delaying compliance. Organisations should focus not only on implementing appropriate technical controls and security measures but also on delivering organisation-wide staff awareness to minimise the risk of a data breach resulting from human error and make data processors aware of the threats and risks. "

Alan Calder, Founder and Chief Executive Officer, IT Governance

GDPR-workshop-button.jpg

Workshop: Intelligent Automation and GDPR

Learn how components of GDPR can be enhanced by automation tools

GDPR-blog-button.jpg

Article: Automation & Continual Compliance?

An overview of how some of the biggest firms in the UK think about GDPR and Continual Compliance

GDPR-webinar-button.jpg

On-Demand Webinar: The Continual Compliance Challenge

Join us for a discussion around the challenges and opportunities around continual compliance

Find out more about how we can help you with your GDPR Compliance programme

Contact us